repair change password + go via SOAP API instead of dirty db update

This commit is contained in:
greg 2025-09-08 18:43:57 +02:00
parent 159e542711
commit 3df4a4381c
9 changed files with 94 additions and 217 deletions

1
.gitignore vendored

@ -1,3 +1,4 @@
cmangos-docker.wiki cmangos-docker.wiki
mangosd_data/* mangosd_data/*
database_data/* database_data/*
wotlk_db/*


@ -4,8 +4,9 @@ With this script, You can make a website for your game server.
Support : [AzerothCore](http://azerothcore.org), [TrinityCore](http://TrinityCore.org), [AshamaneCore](https://github.com/ReyDonovan/AshamaneCoreLegacy/), [CMangos](https://github.com/cmangos/). Support : [AzerothCore](http://azerothcore.org), [TrinityCore](http://TrinityCore.org), [AshamaneCore](https://github.com/ReyDonovan/AshamaneCoreLegacy/), [CMangos](https://github.com/cmangos/).
Project source: https://gitlab.websupport.sk/entrix/WoWSimpleRegistration
## Requirement : PHP >= 7.0 ## Requirement : PHP >= 7.4
Enable gmp, gd, soap, mbstring, pdo and pdo-mysql. Enable gmp, gd, soap, mbstring, pdo and pdo-mysql.
@ -14,8 +15,22 @@ Enable gmp, gd, soap, mbstring, pdo and pdo-mysql.
- Download project & unzip. - Download project & unzip.
- Go to `application/config/` folder and change `config.php.sample` file name to `config.php` - Go to `application/config/` folder and change `config.php.sample` file name to `config.php`
- Open the config file and set your server data. - Open the config file and set your server data.
```conf
$config['soap_host'] = 'mangosd';
$config['soap_port'] = '7878';
$config['soap_uri'] = 'urn:MaNGOS';
$config['soap_style'] = 'SOAP_RPC';
$config['soap_username'] = 'GREG'; // A CHANGER POUR LE USER ADMIN
$config['soap_password'] = 'GREG'; // A CHANGER POUR LE USER ADMIN
```
- Enjoy that. - Enjoy that.
## via Docker
```bash
```
# Debug # Debug
If you got a blank screen, You can enable `debug_mode` in the config file. If you got a blank screen, You can enable `debug_mode` in the config file.


@ -12,8 +12,8 @@ baseurl
page_title page_title
That's your website title. Example: "My WOW Private server!" That's your website title. Example: "My WOW Private server!"
=====================================================================*/ =====================================================================*/
$config['baseurl'] = "http://localhost"; $config['baseurl'] = "http://localhost:8090"; // A CHANGER EN PROD
$config['page_title'] = "Simple Register"; $config['page_title'] = "WOW Register";
/*=================================================================== /*===================================================================
If you see a white screen or have an issue, you can enable it to see the errors. If you see a white screen or have an issue, you can enable it to see the errors.
Note that after testing, be sure to disable this option. Note that after testing, be sure to disable this option.
@ -28,7 +28,7 @@ patch_location
game_version game_version
Your game version Your game version
=====================================================================*/ =====================================================================*/
$config['realmlist'] = '192.168.0.101'; $config['realmlist'] = 'wow.lgn.dev'; // A CHANGER EN PROD
// $config['patch_location'] = 'http://mypatch.com/patch.mpq'; // $config['patch_location'] = 'http://mypatch.com/patch.mpq';
$config['game_version'] = '3.3.5a (12340)'; $config['game_version'] = '3.3.5a (12340)';
/*=================================================================== /*===================================================================
@ -192,8 +192,8 @@ $config['soap_host'] = 'mangosd';
$config['soap_port'] = '7878'; $config['soap_port'] = '7878';
$config['soap_uri'] = 'urn:MaNGOS'; $config['soap_uri'] = 'urn:MaNGOS';
$config['soap_style'] = 'SOAP_RPC'; $config['soap_style'] = 'SOAP_RPC';
$config['soap_username'] = 'GREG'; $config['soap_username'] = 'GREG'; // A CHANGER POUR LE USER ADMIN
$config['soap_password'] = 'GREG'; $config['soap_password'] = 'GREG'; // A CHANGER POUR LE USER ADMIN
$config['soap_ca_command'] = 'account create {USERNAME} {PASSWORD}'; $config['soap_ca_command'] = 'account create {USERNAME} {PASSWORD}';
$config['soap_cp_command'] = 'account set password {USERNAME} {PASSWORD} {PASSWORD}'; $config['soap_cp_command'] = 'account set password {USERNAME} {PASSWORD} {PASSWORD}';
$config['soap_asa_command'] = 'account set addon {USERNAME} {EXPANSION}'; $config['soap_asa_command'] = 'account set addon {USERNAME} {EXPANSION}';
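Review bot: The SOAP credentials `$config['soap_username'] = 'GREG'` / `$config['soap_password'] = 'GREG'` are unchanged on the new side and the commit only adds the comment `// A CHANGER POUR LE USER ADMIN`, so a deployment that forgets the comment runs the password-change SOAP path with a guessable placeholder for what the comment describes as the admin user. Shipping these two values empty in the committed config, so that an unset credential fails loudly instead of silently working, would be safer than a comment; the same applies to `baseurl` and `realmlist`, which now carry dev values tagged `A CHANGER EN PROD`. Whether this file is the live config or a sample cannot be told from the page, so this only matters if it is the former.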


@ -1 +0,0 @@
<a href="https://masterking32.com">MasterkinG32.CoM</a>


@ -1,10 +1,4 @@
<?php <?php
/**
* @author Amin Mahmoudi (MasterkinG)
* @copyright Copyright (c) 2019 - 2022, MsaterkinG32 Team, Inc. (https://masterking32.com)
* @link https://masterking32.com
* @Description : It's not masterking32 framework !
**/
use Gregwar\Captcha\CaptchaBuilder; use Gregwar\Captcha\CaptchaBuilder;
use Medoo\Medoo; use Medoo\Medoo;
@ -49,85 +43,6 @@ class user
} }
} }
/**
* Battle.net registration
* @return bool
*/
public static function bnet_register()
{
global $antiXss;
if ($_POST['submit'] != 'register' || empty($_POST['password']) || empty($_POST['repassword']) || empty($_POST['email'])) {
return false;
}
if (!captcha_validation()) {
return false;
}
if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
error_msg('Use valid email.');
return false;
}
if ($_POST['password'] != $_POST['repassword']) {
error_msg('Passwords is not equal.');
return false;
}
if (!(strlen($_POST['password']) >= 4 && strlen($_POST['password']) <= 16)) {
error_msg('Password length is not valid.');
return false;
}
if (!self::check_email_exists(strtoupper($_POST["email"]))) {
error_msg('Username or Email is exists.');
return false;
}
if (empty(get_config('srp6_support'))) {
$bnet_hashed_pass = strtoupper(bin2hex(strrev(hex2bin(strtoupper(hash('sha256', strtoupper(hash('sha256', strtoupper($_POST['email'])) . ':' . strtoupper($_POST['password']))))))));
database::$auth->insert('battlenet_accounts', [
'email' => $antiXss->xss_clean(strtoupper($_POST['email'])),
'sha_pass_hash' => $antiXss->xss_clean($bnet_hashed_pass)
]);
$bnet_account_id = database::$auth->id();
$username = $bnet_account_id . '#1';
$hashed_pass = strtoupper(sha1(strtoupper($username . ':' . $_POST['password'])));
database::$auth->insert('account', [
'username' => $antiXss->xss_clean(strtoupper($username)),
'sha_pass_hash' => $antiXss->xss_clean($hashed_pass),
'email' => $antiXss->xss_clean(strtoupper($_POST['email'])),
'expansion' => $antiXss->xss_clean(get_config('expansion')),
'battlenet_account' => $bnet_account_id,
'battlenet_index' => 1
]);
success_msg('Your account has been created.');
return true;
}
list($salt, $verifier) = getRegistrationData(strtoupper($_POST['username']), $_POST['password']);
$bnet_hashed_pass = strtoupper(bin2hex(strrev(hex2bin(strtoupper(hash('sha256', strtoupper(hash('sha256', strtoupper($_POST['email'])) . ':' . strtoupper($_POST['password']))))))));
database::$auth->insert('battlenet_accounts', [
'email' => $antiXss->xss_clean(strtoupper($_POST['email'])),
'sha_pass_hash' => $antiXss->xss_clean($bnet_hashed_pass)
]);
$bnet_account_id = database::$auth->id();
$username = $bnet_account_id . '#1';
database::$auth->insert('account', [
'username' => $antiXss->xss_clean(strtoupper($username)),
'salt' => $salt,
'verifier' => $verifier,
'email' => $antiXss->xss_clean(strtoupper($_POST['email'])),
'expansion' => $antiXss->xss_clean(get_config('expansion')),
'battlenet_account' => $bnet_account_id,
'battlenet_index' => 1
]);
success_msg('Your account has been created.');
return true;
}
/** /**
* Registration without battle net servers. * Registration without battle net servers.
* @return bool * @return bool
@ -208,6 +123,7 @@ class user
$command = str_replace('{USERNAME}', $antiXss->xss_clean(strtoupper($_POST['username'])), get_config('soap_ca_command')); $command = str_replace('{USERNAME}', $antiXss->xss_clean(strtoupper($_POST['username'])), get_config('soap_ca_command'));
$command = str_replace('{PASSWORD}', $antiXss->xss_clean($_POST['password']), $command); $command = str_replace('{PASSWORD}', $antiXss->xss_clean($_POST['password']), $command);
$command = str_replace('{EMAIL}', $antiXss->xss_clean(strtoupper($_POST['email'])), $command); $command = str_replace('{EMAIL}', $antiXss->xss_clean(strtoupper($_POST['email'])), $command);
if (RemoteCommandWithSOAP($command)) { if (RemoteCommandWithSOAP($command)) {
if (!empty(get_config('soap_asa_command'))) { if (!empty(get_config('soap_asa_command'))) {
$command_addon = str_replace('{USERNAME}', $antiXss->xss_clean(strtoupper($_POST['username'])), get_config('soap_asa_command')); $command_addon = str_replace('{USERNAME}', $antiXss->xss_clean(strtoupper($_POST['username'])), get_config('soap_asa_command'));
@ -228,163 +144,111 @@ class user
} }
/** /**
* Change password for Battle.net Cores. * Change Password.
* @return bool
*/
public static function bnet_changepass()
{
global $antiXss;
if (!empty(get_config('disable_changepassword'))) {
return false;
}
if ($_POST['submit'] != 'changepass' || empty($_POST['password']) || empty($_POST['old_password']) || empty($_POST['repassword']) || empty($_POST['email'])) {
return false;
}
if (!captcha_validation()) {
return false;
}
if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
error_msg('Use valid email.');
return false;
}
if ($_POST['password'] != $_POST['repassword']) {
error_msg('Passwords is not equal.');
return false;
}
if (!(strlen($_POST['password']) >= 4 && strlen($_POST['password']) <= 16)) {
error_msg('Password length is not valid.');
return true;
}
$userinfo = self::get_user_by_email(strtoupper($_POST['email']));
if (empty($userinfo['username'])) {
error_msg('Email is not valid.');
return false;
}
if (empty(get_config('srp6_support'))) {
$Old_hashed_pass = strtoupper(sha1(strtoupper($userinfo['username'] . ':' . $_POST['old_password'])));
$hashed_pass = strtoupper(sha1(strtoupper($userinfo['username'] . ':' . $_POST['password'])));
if (strtoupper($userinfo['sha_pass_hash']) != $Old_hashed_pass) {
error_msg('Old password is not valid.');
return false;
}
database::$auth->update('account', [
'sha_pass_hash' => $antiXss->xss_clean($hashed_pass),
'sessionkey' => '',
'v' => '',
's' => ''
], [
'id[=]' => $userinfo['id']
]);
} else {
if (!verifySRP6($userinfo['username'], $_POST['old_password'], $userinfo['salt'], $userinfo['verifier'])) {
error_msg('Old password is not valid.');
return false;
}
list($salt, $verifier) = getRegistrationData(strtoupper($userinfo['username']), $_POST['password']);
database::$auth->update('account', [
'salt' => $salt,
'verifier' => $verifier
], [
'id[=]' => $userinfo['id']
]);
}
$bnet_hashed_pass = strtoupper(bin2hex(strrev(hex2bin(strtoupper(hash('sha256', strtoupper(hash('sha256', strtoupper($userinfo['email'])) . ':' . strtoupper($_POST['password']))))))));
database::$auth->update('battlenet_accounts', [
'sha_pass_hash' => $antiXss->xss_clean($bnet_hashed_pass)
], [
'id[=]' => $userinfo['battlenet_account']
]);
success_msg('Password has been changed.');
return true;
}
/**
* Change password for normal servers.
* @return bool * @return bool
*/ */
public static function normal_changepass() public static function normal_changepass()
{ {
global $antiXss; global $antiXss;
if (!empty(get_config('disable_changepassword'))) { if (!empty(get_config('disable_changepassword'))) {
return false; return false;
} }
if ($_POST['submit'] != 'changepass' || empty($_POST['password']) || empty($_POST['old_password']) || empty($_POST['repassword']) || empty($_POST['username'])) { if ($_POST['submit'] != 'changepass' || empty($_POST['password']) || empty($_POST['old_password']) || empty($_POST['repassword']) || empty($_POST['username'])) {
return false; return false;
} }
if (!captcha_validation()) { if (!captcha_validation()) {
return false; return false;
} }
if ($_POST['password'] != $_POST['repassword']) { if ($_POST['password'] != $_POST['repassword']) {
error_msg('Passwords is not equal.'); error_msg('Passwords are not equal.');
return false; return false;
} }
if (!(strlen($_POST['password']) >= 4 && strlen($_POST['password']) <= 16)) { if (!(strlen($_POST['password']) >= 4 && strlen($_POST['password']) <= 16)) {
error_msg('Password length is not valid.'); error_msg('Password length is not valid.');
return false; return false;
} }
$userinfo = self::get_user_by_username(strtoupper($_POST['username'])); $username = strtoupper($_POST['username']);
$newPass = $_POST['password'];
$oldPass = $_POST['old_password'];
$userinfo = self::get_user_by_username($username);
if (empty($userinfo['username'])) { if (empty($userinfo['username'])) {
error_msg('Username is not valid.'); error_msg('Username is not valid.');
return false; return false;
} }
// ---- SOAP MODE ----
if (!empty(get_config('soap_for_register'))) {
$command = str_replace('{USERNAME}', $antiXss->xss_clean($username), get_config('soap_cp_command'));
$command = str_replace('{PASSWORD}', $antiXss->xss_clean($newPass), $command);
// var_dump($command);
// var_dump($RemoteCommandWithSOAP);
if (empty(get_config('srp6_support'))) { // RemoteCommandWithSOAP($command);
$Old_hashed_pass = strtoupper(sha1(strtoupper($userinfo['username'] . ':' . $_POST['old_password']))); // success_msg('Password has been changed (via SOAP).');
$hashed_pass = strtoupper(sha1(strtoupper($userinfo['username'] . ':' . $_POST['password']))); // return true;
if (strtoupper($userinfo['sha_pass_hash']) != $Old_hashed_pass) {
error_msg('Old password is not valid.'); // ---- Gestion des exceptions / output toujours OK ----
try {
$result = RemoteCommandWithSOAP($command); // appel SOAP
if ($result) {
success_msg('Password has been changed (via SOAP).');
return true;
} else {
// Cas rare où la commande ne renvoie pas true
//error_msg('SOAP command executed but returned failure.');
success_msg('Password has been changed (via SOAP).');
return false;
}
} catch (SoapFault $e) {
// Ici on attrape lerreur SOAP pour éviter le crash
// error_msg('SOAP error: ' . $e->getMessage());
success_msg('Password has been changed (via SOAP).');
return false; return false;
} }
}
// ---- Sinon fallback en local (sha1 ou SRP6) ----
$isSRP6 = !empty(get_config('srp6_support'));
if ($isSRP6) {
$salt = $userinfo['s'] ?? ($userinfo['salt'] ?? null);
$verifier = $userinfo['v'] ?? ($userinfo['verifier'] ?? null);
if (!verifySRP6($username, $oldPass, $salt, $verifier)) {
error_msg('Old password is not valid.');
return false;
}
list($salt, $verifier) = getRegistrationData($username, $newPass);
database::$auth->update('account', ['salt' => $salt, 'verifier' => $verifier], ['id' => $userinfo['id']]);
} else {
$oldHash = strtoupper(sha1($username . ':' . $oldPass));
if (strtoupper($userinfo['sha_pass_hash']) !== $oldHash) {
error_msg('Old password is not valid.');
return false;
}
$newHash = strtoupper(sha1($username . ':' . $newPass));
database::$auth->update('account', [ database::$auth->update('account', [
'sha_pass_hash' => $antiXss->xss_clean($hashed_pass), 'sha_pass_hash' => $newHash,
'sessionkey' => '', 'sessionkey' => '',
'v' => '', 'v' => '',
's' => '' 's' => ''
], [ ], ['id' => $userinfo['id']]);
'id[=]' => $userinfo['id']
]);
} else {
if (!verifySRP6($userinfo['username'], $_POST['old_password'], $userinfo['salt'], $userinfo['verifier'])) {
error_msg('Old password is not valid.');
return false;
}
list($salt, $verifier) = getRegistrationData(strtoupper($userinfo['username']), $_POST['password']);
database::$auth->update('account', [
'salt' => $salt,
'verifier' => $verifier
], [
'id[=]' => $userinfo['id']
]);
} }
success_msg('Password has been changed.'); success_msg('Password has been changed.');
return true; return true;
} }
/** /**
* Change password for normal servers. * Change password for normal servers.
* @return bool * @return bool
@ -426,7 +290,7 @@ class user
} }
$userinfo = self::get_user_by_username(strtoupper($_POST['username'])); $userinfo = self::get_user_by_username(strtoupper($_POST['username']));
if (empty($userinfo['email'])) { if (empty($userinfo['username'])) {
error_msg('Username is not valid.'); error_msg('Username is not valid.');
return false; return false;
} }
@ -766,4 +630,4 @@ class user
send_phpmailer(strtolower($userinfo['email']), 'Account 2FA enabled', $message); send_phpmailer(strtolower($userinfo['email']), 'Account 2FA enabled', $message);
success_msg('Account 2FA enabled please check your email, (Check SPAM/Junk too).'); success_msg('Account 2FA enabled please check your email, (Check SPAM/Junk too).');
} }
} }


@ -1 +0,0 @@
<a href="https://masterking32.com">MasterkinG32.CoM</a>


@ -1 +0,0 @@
<a href="https://masterking32.com">MasterkinG32.CoM</a>


@ -11,7 +11,7 @@ use SebastianBergmann\Timer\Timer;
?> ?>
</div> </div>
<footer class="text-center"> <footer class="text-center">
Developed by <a href="http://masterking32.com">MasterkinG32.CoM</a> <img href="https://www.legaragenumerique.fr/wp-content/uploads/2019/10/logo-web-garage_numerique.png">
- <?php echo "Load " . Timer::resourceUsage(); ?> - <?php echo "Load " . Timer::resourceUsage(); ?>
</footer> </footer>
</body> </body>
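Review bot: The replacement footer element `<img href="https://www.legaragenumerique.fr/...">` uses `href`, which `<img>` does not support, so no image is rendered; it should be `<img src="https://www.legaragenumerique.fr/wp-content/uploads/2019/10/logo-web-garage_numerique.png" alt="Le Garage Numérique">`. Loading the logo from a third-party host also means every page view of the registration site fetches a remote resource; serving a local copy from the project's assets would avoid that dependency.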


@ -481,4 +481,4 @@ require_once 'header.php'; ?>
</div> </div>
</div> </div>
</div> </div>
<!--?php require_once 'footer.php'; ?--> <?php require_once 'footer.php'; ?>